commit 9770924f9bd6de3d64041f4a725dea7c958721b7
author Bodo Möller <bodo@openssl.org> Tue Feb 08 17:48:57 2011 +0000
committer Bodo Möller <bodo@openssl.org> Tue Feb 08 17:48:57 2011 +0000
tree b5f4423e7098b1ca8c291c03b1d0e4304a216e32
parent f4001a0d192a2462bcedbaadf95e778ddc352ebb

OCSP stapling fix (OpenSSL 0.9.8r/1.0.0d)

Submitted by: Neel Mehta, Adam Langley, Bodo Moeller

ssl/t1_lib.c

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 2772808..4f8199f 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -954,6 +954,7 @@
 						}
 					n2s(data, idsize);
 					dsize -= 2 + idsize;
+					size -= 2 + idsize;
 					if (dsize < 0)
 						{
 						*al = SSL_AD_DECODE_ERROR;
@@ -992,9 +993,14 @@
 					}
 
 				/* Read in request_extensions */
+				if (size < 2)
+					{
+					*al = SSL_AD_DECODE_ERROR;
+					return 0;
+					}
 				n2s(data,dsize);
 				size -= 2;
-				if (dsize > size) 
+				if (dsize != size)
 					{
 					*al = SSL_AD_DECODE_ERROR;
 					return 0;